Themes Vulnerabilities

Real Estate 7 < 3.3.5 - Multiple CSRF

Description

The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, for example create/delete arbitrary lead alerts, manipulate properties (add/remove from favourite) etc

Proof of Concept

Affects Themes

realestate-7
Fixed in 3.3.5

References

URL
https://packetstormsecurity.com/files/#171170/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
FearZzZz
Verified
No
WPVDB ID
6230f21c-f950-4476-a56a-5d81761a0608

Timeline

Publicly Published
2023-02-28 (about 3 years ago)
Added
2023-03-06 (about 3 years ago)
Last Updated
2023-03-06 (about 3 years ago)

Other

Published
Title
Published
2025-10-24
Title
Advanced Database Cleaner < 3.1.7 - Settings Manipulation via CSRF
Published
2025-02-13
Title
My Login Logout Plugin <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-09-04
Title
adstxt Plugin <= 1.0.0 - Settings Update via CSRF
Published
2023-09-29
Title
Add Shortcodes Actions And Filters < 2.10 - Settings Update via CSRF
Published
2024-01-04
Title
Depicter Slider < 2.0.7 - Settings Update via CSRF